Quirky trends in PINs include 420 and 69: Password hat tips to 007, Pi, 8675309

Is your credit card PIN number 1234? Sadly that unimaginative choice accounted for 11% of the 3.4 million four-digit passwords recently analyzed. Does your banking PIN, or mobile phone password, start with 19? 

19xx PIN number popularity phenomenon

If so, then a crook stands a decent chance at cracking your security code. Whether 19xx stands for an anniversary, birth year, or MMDD birthdate, PINs that begin with 19 make up the top fifth of the dataset.

All of these PIN numbers and passwords were previously exposed by being stored unencrypted in databases. Now thanks to Data Genetics for doing the mind-boggling math, you can find out how safe your credit card PIN or smartphone numeric password is.

Most popular first digit of credit card PIN numbers

As you can see in the graph on the right, "1" is most assuredly not the loneliest number. Instead, it is the most popular first digit for a PIN.

Since each of the 10,000 combinations from 0000 to 9999 was used, it made truth of the Pastebin prank 'All credit card PIN codes in the world leaked.' That joke and an XKCD cartoon inspired the analysis.

20 most popular PIN numbers

These top 20 passwords made up almost 27% of the dataset. "I hope this article will scare you into being a little more careful in how you select your next PIN number," the researchers said. About half of the 7 million all-numeric passwords were four-digit codes. “Six-digit codes are the next most popular length, followed by eight," Data Genetics wrote. “I hope, hope that the people who have passwords of nine digits long are not using their Social Security Numbers!”

Thinking of all the hacks, breaches and compromises in the last year alone, I was curious about the total number of passwords Data Genetics analyzed.

Nick Berry, president of Data Genetics, told me, “There were 3,359,402 four digit all numeric passwords in the database I used. There were 6,775,468 all numeric 4-10 digit passwords in the database I used.” He was traveling and couldn’t tap into his database right then, but he filtered the all-numeric passwords from a staggering list of “close to 100 million!” It's super sad on a security scale to know that many were stored in an unencrypted form.

Besides 1, people also “love to start their PIN numbers with 0.” There were the usual uninspired choices like 1234, patterns like 1212 or 1122, and repeating digits like 1111 or 0000. Repeating pairs in the XYXY format made up 17.8% of all PINs. However, selecting a PIN is also influenced by visual keypad layout clues like 2580, which runs down the center of an ATM or phone.
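One way to screen four-digit PINs at enrollment against the patterns described above (an added example, not code from Data Genetics or the original article; the function names and rule labels are hypothetical, and extending 1234 to any ascending or descending run and 2580 to its reverse are assumptions):

```python
# Added example: enrollment-time PIN screening using the patterns the article lists.
# weak_pin_reasons() and its labels are hypothetical names, not Data Genetics code.

KEYPAD_RUNS = {"2580", "0852"}  # centre column from the article; reverse is an assumption


def weak_pin_reasons(pin: str) -> list[str]:
    """Return every article-named weak pattern that a four-digit PIN matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four ASCII digits")

    reasons = []
    a, b, c, d = pin

    if a == b == c == d:                      # 1111, 0000
        reasons.append("single repeated digit")
    elif (a, b) == (c, d):                    # 1212 (XYXY)
        reasons.append("repeated pair (XYXY)")
    elif a == b and c == d:                   # 1122 (XXYY)
        reasons.append("doubled digits (XXYY)")

    # 1234 is the article's case; any +1 or -1 run is a generalization.
    steps = {int(y) - int(x) for x, y in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        reasons.append("sequential digits")

    if pin in KEYPAD_RUNS:
        reasons.append("keypad column")

    if pin.startswith("19"):                  # 19xx, typically a year
        reasons.append("starts with 19")

    return reasons


def screen(pins):
    """Map each candidate PIN to its reasons; an empty list means no rule fired."""
    return {p: weak_pin_reasons(p) for p in pins}


if __name__ == "__main__":
    # Constructed sample input using PINs quoted in the article.
    for pin, why in screen(["1234", "1212", "1122", "0000", "2580", "1984", "8068"]).items():
        print(pin, "REJECT: " + ", ".join(why) if why else "no rule fired")
```

An empty result only means none of these rules fired; it does not make the PIN strong, so pair the check with attempt limits and lockout.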

Some of the least popular passwords included two-digit sequences with “larger numerical gaps between them” such as 29 and 37. At the time of analysis, 8068 was the safest PIN and appeared only 25 times in the dataset. Berry says please don’t jump on that number if you change your PIN because “hackers can read too!” Expect cybercrooks to “be promoting 8068 up their attempt trees.” The next safest PINs were 8093, 9629, 6835 and 7637.

Here are some of my favorite quirky PIN and password popularity tidbits:

· Coming in at #20 in popularity for PINs with five digits is the combination 420 and 69; perhaps referencing some people’s favorite pastimes?

· Math fans chimed in at #17 with Pi represented as 3141592654 on the ten-digit password list.

· Popular six-digit PINs included 696969 and a hat tip to James Bond 007007.

· When it comes to seven digits, the fourth most popular numeric password clearly included some Tommy Tutone fans looking for a good time with Jenny at 8675309. Since the song is now stuck in my head, here’s some trivia: In the 80s, that infamous number “drove the phone companies (and their customers) nuts.” In 2009, a Vonage version of the number sold on eBay for $186,853.09; and the infamous number still pops up as Easter eggs in various media.

Should people try to push their bank or credit card company into offering more than four-digit numeric passwords? Berry told me, “Of course, why would people not want the option of a longer PIN? It's like asking people if they would like to be healthy!” However, when I called a couple banks and asked about a longer option, their responses seemed to insinuate the very idea of a longer PIN was born of a 4:20 or other under-the-influence minute.

Back to the PIN analysis, Data Genetics wrote:

If you are a developer, tester or executive I hope you are sufficiently paranoid that you will immediately check to see that your systems do not store sensitive information, like passwords, unencrypted. The entire reason I was able to perform this analysis is because dumb stupid and lazy coders stored information in clear text. Your laziness has the potential to impact millions.

Thank you to Data Genetics for allowing me to reproduce some charts. I highly recommend you check out the interesting analysis as it’s written in a fashion that is easy to comprehend . . . even for people who hate math.

Copyright © 2012 IDG Communications, Inc.

  